In a recent court ruling in Rotterdam, Dutch software provider Nebu has been ordered to provide market research firm Blauw with information regarding a cyber attack on its systems and the resulting data theft. If Nebu fails to comply with this ruling, it will face penalties of up to €500,000. Blauw uses Nebu’s solutions for conducting market research on behalf of its clients.
In March, hackers breached Nebu’s servers, stealing data in the process. Blauw argued that it did not receive sufficient information from Nebu regarding the attack, its aftermath, and the steps taken by Nebu. As a result, Blauw filed a lawsuit demanding detailed information and an independent forensic investigation.
The court ruled in favor of Blauw, ordering Nebu to provide extensive information on the breach, including how the attackers gained access and their actions while on the systems. Nebu must also share all available information on the stolen data and the attackers, while being mindful of potentially sensitive information. The court also imposed penalties for non-compliance and awarded Blauw €2,400 in costs.
So far, 139 organizations have reported the Nebu data breach to the Dutch Data Protection Authority.